Signed files on PyPI

[yan12125]

Make sure you are using the latest version: run youtube-dl --version and ensure your version is 2017.10.29. If it's not, read this FAQ entry and update. Issues with outdated version will be rejected.

• I've verified and I assure that I'm running youtube-dl 2017.10.29

Before submitting an issue make sure you have:

• At least skimmed through the README, most notably the FAQ and BUGS sections
• Searched the bugtracker for similar issues including closed ones

What is the purpose of your issue?

• Bug report (encountered problems with youtube-dl)
• Site support request (request for adding support for a new site)
• Feature request (request for a new functionality)
• Question
• Other

---

The following sections concretize particular purposed issues, you can erase any section (the contents between triple ---) not applicable to your issue

---

Description of your issue, suggested solution and other information

Currently files on PyPI are only verified via MD5 sums on pypi.python.org [1] or SHA256 sums on pypi.io [2]. I think it should be better to have those files signed. For example, numpy has detached pgp signatures for all files [3].

Technically it looks easy. Just an extra argument --sign in python setup.py upload [4] is enough.

[1] https://pypi.python.org/pypi/youtube_dl
[2] https://pypi.org/project/youtube_dl/#files
[3] https://pypi.python.org/pypi/numpy
[4] https://docs.python.org/3/distutils/packageindex.html#the-upload-command